Security researchers at Google say that they've discovered serious security flaws affecting computer processors built by Intel and other chipmakers. It’s a bug in the Intel chips that allows low-privilege processes to access memory in the computer's kernel.
Kernels have complete control over the entire system, they connect applications to the processor, memory, and other hardware inside a computer.
This has led to a redesign of Linux and Windows kernels. According to The Verge, programmers have been working for the past two months on patching the Linux kernel's virtual memory system to bar the hardware bug in Intel CPU's that can potentially let attackers exploit security loopholes and get access to data and files.
KK Mokhey, CEO and Founder of Network Intelligence, a cyber security consulting firm, said:
This issue represents a higher risk in cloud environments because it would be very easy to create an AWS or Azure account, start a new instance and then run the exploit to dump memory of the server which would be hosting many other instances of other customers. The attacker would then leverage the passwords or private keys dumped from memory of other servers to access those and then keep jumping across the entire network of the cloud service provider. This is why almost all cloud service providers have issued advisories and rushed to apply patches.
KK added, “For enterprise customers who are not on the cloud, this issue isn't going to bring the skies crashing down as it's not remotely exploitable. So launching the attack would first require compromising the network and systems using some other means of attack. Widespread attack is unlikely to be seen immediately unless it gets combined with a vulnerability to first get access to the target system and then run the memory dumping exploit code (such as EternalBlue type vulnerability exploited by Wannacry).”
On Wednesday evening, a team of researchers combining Google's Project Zero, universities including the Graz University of Technology, the University of Pennsylvania, the University of Adelaide in Australia, and security companies including Cyberus and Rambus released the full details of two attacks based on that flaw, which they have called Meltdown and Spectre, WIRED reported.
Google’s Project Zero team said that the flaw could allow bad actors to gather passwords and other sensitive data from a system’s memory.
The tech company disclosed the vulnerability not long after Intel said it's working to patch it. Intel says the average computer user won't experience significant slowdowns as it's fixed.
Both Intel and Google said they were planning to disclose the issue next week when fixes will be available. Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn't have a roadmap to exploit the flaws. But in this case, Intel was forced to disclose the problem on Wednesday after British technology site The Register reported it, causing Intel's stock to fall.
Google says it also affects other processors and the devices and operating systems running them.
Although Intel cited rival AMD as among the companies it's working with to address the problem, AMD said in a statement that it believes its chips are safe because they use different designs.
Intel's stock fell 3.4 percent on Wednesday to close at $45.26, while AMD gained 5.2 percent to close at $11.55.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)